General PKI FAQ
- What is the Virginia Tech Certification Authority (VTCA)?
- Why do I need to download and install VTCA certificates on my browser?
- How do I download and install the VTCA certificates?
- What happens if I do not install VTCA certificates on my browser?
- What web browsers can VTCA certificates be installed on?
- What if I need help, where do I go?
- What is PKI?
- What is the relationship between PKI and security?
- What are the major elements of PKI?
- What is a Certificate Authority (CA)?
- What is a digital certificate?
- Does a digital certificate have a limited life time?
- Why is PKI based on trust?
- Where can I read more about Digital Certificates?"
What is the Virginia Tech Certification Authority (VTCA)?
The Virginia Tech Certification Authority is a service at Virginia Tech that is responsible for issuing and managing digital certificates and public keys for Virginia Tech affiliated entities. The VTCA is the core of the Virginia Tech Public Key Infrastructure (PKI). The VTCA guarantees the identity and the authenticity of the entities it issues digital certificates to by using approved policies and procedures outlined in the Virginia Tech Certification Policy (CP) document.
Why do I need to download and install VTCA certificates on my browser?
By installing the VTCA certificates on your browser, applications using certificates will automatically recognize and accept certificates issued by the VTCA.
How do I download and install the VTCA certificates?
If you need help installing the Virginia Tech Root CA certificate please consult the Getting Started web page which provides step by step instructions for several of the popular browsers.
What happens if I do not install the VTCA certificates?
If you do not install the VTCA certificates, you will see annoying popup windows appear asking if you trust the VTCA when accessing secure services that use VTCA issued certificates. All faculty, staff and students at Virginia Tech are encouraged to download and install the VTCA certificates on their browsers.
What web browsers can VTCA certificates be installed on?
Virginia Tech Certificates can be installed on several of the most popular browsers, including:
- Microsoft Internet Explorer
- Firefox
- Safari
Please visit http://www.pki.vt.edu/gettingstarted/start.html to display the step by step instructions on how to install VTCA certificates for your browser.
What if I need help, where do I go?
If you need help installing VTCA certificates please contact 4help at:
- Operations Technicians: Available
24/7
Call 540/231-HELP (4357)
-
Helpdesk Consultants:
Go to the Helpdesk Help Request Form
What is PKI?
PKI or Public Key Infrastructure is a set of comprehensive system policies, procedures, and technologies working together to allow secure and confidential communication between internet users. PKI is based on the idea of encryption using public and private keys.
PKI uses key pairs (public and private keys) where the public key is digitally signed by a third party known as a certification authority.
What is the relationship between PKI and security?
The relationship between PKI and security lies in the fact that the public and private keys can be used for encryption. To secure online transactions one must hide the content of the data being transmitted over the wire, PKI is used to do this task through the use of SSL and TLS.
What are the major elements of PKI?
The major
components of PKI are listed below.
- Certification Authority
- Digital certificates
- Public & private key pairs
- Certificate Policy (CP)
- Certification Practices Statement (CPS)
What is a Certificate Authority (CA)?
A Certification Authority is a trusted third party that verifies the identity of an entity registering for a digital certificate. Once a Certification Authority authenticates the requesting entity's identity, it issues a digital certificate to the requesting entity binding his or her identity to a public key. (Digital certificates can be issued to organizations and devices in addition to people)
What is digital certificate?
Digital Certificate is an electronic document that binds a public key to an entity such as an organization, machine, or a person. The binding of the identity and the public key is done by the issuing CA. The issuing CA will assume the responsibility of verifying the identity of the requesting party. The requesting party is the entity requesting the binding of its public key to its identity.
Do digital certificates have limited life time?
Yes all digital certificates have an explicit start date and an explicit expiration date. Most applications check the validity period of a certificate when the digital certificate is used.
Why is PKI based on trust?
PKI provides the critical element of "trust" in electronic transactions as well as communications. It provides a means for relying parties to know that another individual's or entity's public key actually belongs to that individual/entity. Certification Authority organizations have been established to address this need.
Where can I read more about digital certificates?
- The Corporation for Research and Educational Networking (CREN)
- Public-Key Cryptography Standards
- Internet2 Certificates and PKI
Last updated on May 13, 2008